  1. Having built systems like this, I know they shouldn't be able to get my plain text password if they stored it as a hash in the database using any of the algorithms for that purpose (SHA, HMACSHA, BCRYPT etc). So by deduction: the passwords are stored in plain text, and anyone who has access to the user database (most developers) will be able to see everybody’s passwords, not to mention the security risk if someone external gets hold of the database and publishes it.
  2. You’re right @hikarishinjo, I tried the same flow today (website + forgot password) and they sent the email correctly with my username instead of my password. It might have been that they picked up the issue and already fixed it during the week. Yet the email with the plain text password is still in my inbox. :man_shrugging:
  3. This was 6 days ago. I only had a chance to report the bug today.
  4. I have different user name and password. Yet my password appeared as the username in the email.
  5. I just got this while trying to reset my password.
